New phishing scams are targeting U of T staff and students

September is a busy month for everyone at the University as we gear up for the fall semester. At the University of Toronto (U of T), communication between administrative staff and the student community is at its peak, making it the perfect time for attackers to phish people under the guise of administrative and student interaction.

This year, attackers are leveraging the communications of a new school semester in a variety of ways. Currently, two of the most common scams at U of T feature:

  • Urgent email account upgrade notices that threaten account termination.
  • Emails containing potentially malicious attachments.

Read below for a description of these phishing scams and tips on what to do if you receive one.

1. Upgrade notice

A widely-circulated email is asking students and staff to ‘upgrade’ their U of T email accounts before termination by providing a phone number that they are asked to text. The recipient is then asked to await further instruction. Examples of this phishing email can be viewed on the Security Matters PhishBowl here:

If you have received this email, Information Security and Enterprise Architecture (ISEA) recommends you take the following actions:

  • If you responded to the email and texted the phone number, you should immediately take steps to block that number. Information on how to block numbers can be found on your device’s webpage or FAQs.
  • If you followed further instructions and provided your UTORid and password, please immediately change your password by clicking on the ‘reset’ link in the Password and Account Management section at

2. Attachment ‘request’

The second common phishing email appears to come from someone in the U of T community. For example, the attackers attempt to engage administrative staff members by pretending to be a current student. The email claims to provide ‘requested’ details through an attachment that they prompt the recipient to download. The attachment contains potentially malicious content that, when opened, could affect the user. Examples of this phishing email can be viewed on the Security Matters PhishBowl here:

If you have received this email, ISEA recommend you take the following actions:

  • If you opened an attachment that you suspect may be malicious, please run your anti-virus software. If you do not have anti-virus software or you are in a position where it cannot be run, you should contact helpdesk for further assistance at:

During this busy time, ISEA would like to remind the U of T community to be vigilant and to report any communications that seem unexpected or odd. Please follow the guidelines outlined here:

Recipients of phishing emails are also asked to report these messages using the “Report Message” function in Outlook, which can help reduce the number of times these emails are delivered. To report an email, follow these steps:

Select the email.

  1. For Outlook on desktop, look to the top right of the menu bar for a ‘Report Message’ icon. If you are using the online version of Outlook, look for the three dots to the right of the forward email symbol.
  2. Click on the arrow or dots and select the ‘Phishing’ option.
  3. In the popup window, confirm you would like to report. After confirming, the email will be reported and removed from your inbox.

For more tips on how to spot phishing emails and stay safe online, visit the Security Matters resource section.